CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID / Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-15783 Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. | N/A | NONE | β | 0 |
| CVE-2019-15787 libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. | N/A | NONE | β | 0 |
| CVE-2019-15745 The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An atta... | N/A | NONE | β | 0 |
| CVE-2019-15771 The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | N/A | NONE | β | 0 |
| CVE-2019-15778 The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2019-15779 The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | N/A | NONE | β | 0 |
| CVE-2019-15781 The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2019-15784 Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. | N/A | NONE | β | 0 |
| CVE-2019-15785 FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c. | N/A | NONE | β | 0 |
| CVE-2019-15786 ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. | N/A | NONE | β | 0 |
| CVE-2019-15788 Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. | N/A | NONE | β | 0 |
| CVE-2019-11500 In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead t... | N/A | NONE | β | 0 |
| CVE-2019-11476 An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash du... | N/A | NONE | β | 0 |
| CVE-2019-3394 There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read ... | N/A | NONE | β | 0 |
| CVE-2019-4132 IBM Cloud Automation Manager 3.1.2 could allow a user to be improperly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274. | 3.3 | LOW | β | 0 |
| CVE-2019-4133 IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278. | 5.2 | MEDIUM | β | 0 |
| CVE-2019-4536 IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect proce... | 6.3 | MEDIUM | β | 0 |
| CVE-2019-7307 Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.x... | 7.0 | HIGH | β | 0 |
| CVE-2019-15502 The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-T... | N/A | NONE | β | 0 |
| CVE-2019-15717 Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | N/A | NONE | β | 0 |
| CVE-2019-16354 The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | 4.7 | MEDIUM | β | 0 |
| CVE-2019-14437 The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a craf... | N/A | NONE | β | 0 |
| CVE-2019-14438 A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg fil... | N/A | NONE | β | 0 |
| CVE-2019-14498 A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | N/A | NONE | β | 0 |
| CVE-2019-14535 A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | N/A | NONE | β | 0 |
| CVE-2019-15805 CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded passwor... | N/A | NONE | β | 0 |
| CVE-2019-12754 Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject clie... | N/A | NONE | β | 0 |
| CVE-2019-15806 CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded passwor... | N/A | NONE | β | 0 |
| CVE-2019-15807 In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | 4.7 | MEDIUM | β | 0 |
| CVE-2019-14533 The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | N/A | NONE | β | 0 |
| CVE-2019-14534 In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | N/A | NONE | β | 0 |
| CVE-2019-14776 A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | N/A | NONE | β | 0 |
| CVE-2019-13526 Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2019-14777 The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | N/A | NONE | β | 0 |
| CVE-2019-14778 The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | N/A | NONE | β | 0 |
| CVE-2019-14970 A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | N/A | NONE | β | 0 |
| CVE-2019-14978 /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lo... | N/A | NONE | β | 0 |
| CVE-2019-14979 cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchas... | N/A | NONE | β | 0 |
| CVE-2019-15811 In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | N/A | NONE | β | 0 |
| CVE-2019-11396 An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipu... | N/A | NONE | β | 0 |
| CVE-2019-11363 A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | N/A | NONE | β | 0 |
| CVE-2019-11364 An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_shar... | N/A | NONE | β | 0 |
| CVE-2019-8461 Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can lever... | N/A | NONE | β | 0 |
| CVE-2018-15510 Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | N/A | NONE | β | 0 |
| CVE-2018-15511 Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | N/A | NONE | β | 0 |
| CVE-2018-15512 Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | N/A | NONE | β | 0 |
| CVE-2018-18370 The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in th... | N/A | NONE | β | 0 |
| CVE-2018-18371 The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP m... | N/A | NONE | β | 0 |
| CVE-2019-11658 Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subs... | N/A | NONE | β | 0 |
| CVE-2019-14524 An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than ... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.